Cannot use TLS with selfhosted SMTP server

I’ve been attempting to get email notifications set up using a local Postfix server I set up a while ago. The server is pretty standard and works on everything else, but Duplicati isn’t able to verify the server certificate when connecting using SSL or STARTTLS. I use a certificate issued by my internal CA, and I’ve imported the root into the /etc/ssl/certs/ directory, as well as into the certmgr Trust store. I’ve also manually imported the server certificate into the AddressBook store to try to trust it directly. Unlike some of the other threads I’ve seen with similar issues, my Duplicati is running in a TrueNAS (FreeBSD) jail, rather than on a Linux system, and I’m using a private server and privately signed certificate rather than a public relay like Gmail with a publicly trusted cert, so most of the specific suggestions don’t work. The error when I try to run a send-mail is the following:

Whole SMTP communication: Connected to smtp://<hostname>:587/?starttls=always
S: 220 <hostname> ESMTP Postfix (Debian/GNU)
C: EHLO [<ip>]
S: 250-<hostname>
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-ETRN
S: 250-STARTTLS
S: 250-AUTH PLAIN LOGIN
S: 250-ENHANCEDSTATUSCODES
S: 250-8BITMIME
S: 250-DSN
S: 250-SMTPUTF8
S: 250 CHUNKING
C: STARTTLS
S: 220 2.0.0 Ready to start TLS

Failed to send message: MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.

The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. The certificate presented by the server is expired or invalid.

See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#InvalidSslCertificate for possible solutions.
--> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception.
--> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /wrkdirs/usr/ports/lang/mono/work/mono-5.10.1.57/external/boringssl/ssl/handshake_client.c:1132
 => An error occurred while attempting to establish an SSL or TLS connection.

The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. The certificate presented by the server is expired or invalid.

See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#InvalidSslCertificate for possible solutions.
Return code: 0

I’ve even gone as far as using openssl s_client to manually connect, and it properly trusts the certificate and can connect, but Mono and Duplicati aren’t playing as nice with it.

EDIT: Adding the configuration options:

--send-mail-from=Source <source@example.com>
--send-mail-to=Destination <destination@example.com>
--send-mail-url=smtp://<hostname>:587/?starttls=always
--send-mail-username=<username>
--send-mail-password=<password>

Is all of your testing in the same FreeBSD jail that Duplicati is in? FWIW I don’t have a system like yours.

Secure Socket Layer (SSL) / Transport Layer Security (TLS) gives a mono test that possibly could be adapted for your SMTP server. URI seems to take the usual :<port>. I’m not sure what your server’s reaction to an HTTP request will be, but if a certificate failure happens, you probably won’t get that far.

All my testing has been in the jail.

I tried connecting using the linked code to port 465 (the SSL-only port), and sure enough, I get a CERTIFICATE_VERIFY_FAILED error. I’m not sure why this is the case, though. For some background, the server certificate is issued by an intermediate certificate signed by the root, which I’ve imported using certmgr. While this is an indirect trust, Postfix provides the entire chain during negotiation, so the client has the full chain available. I suppose it’s possible there’s a bug with this type of setup and it ignores the intermediates, or perhaps I’ve imported incorrectly somehow? Also, the certificates are ECC, not RSA certificates, though these should be fully supported by Mono as far as I’m aware.

As a side note, while trying to follow the instructions you linked, I ran cert-sync on my root certificate, expecting it to be imported similar to certmgr. However, this deleted all the other root certificates in the Trust store. I had to re-import from the ca-root-nss bundle. Currently, if I try to list the trusted roots with certmgr -list -c -v -m Trust, it gets to GeoTrust’s root, then throws the following:

System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.10045.4.3.3

However, I’ve confirmed that this does not have an effect on Duplicati or code run with Mono, which still trusts CAs not listed due to the error. I’m not quite sure how to fix the issue but for the moment it appears to not be completely broken.

EDIT: That error actually… might be my CA, or a similar one. The error didn’t happen before, when I first imported it, so absolutely no clue why it would happen now, but the OID in the error is for ecdsa-with-SHA384, which is what I use.

EDIT2: Even if I delete my certificate by running cert-sync again, I still get the error, so it must be another root in the bundle which uses that algorithm. I’m not sure how I should properly import them, then.
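
Added example, not code from the thread, Duplicati or Mono: a Python diagnostic that performs the EHLO/STARTTLS exchange shown in the first post by hand with the standard-library ssl module, verifies the server's chain against a chosen root file (or the system store when cafile is None), and maps OpenSSL's verify message to the three reasons MailKit lists. The hostname, port and root-file path are assumptions to be replaced with your own.

```python
import socket
import ssl

def parse_ehlo(lines):
    """Return the ESMTP extensions advertised in a multi-line 250 reply."""
    exts = set()
    for line in lines[1:]:                 # line 0 only carries the server's hostname
        if not line.startswith("250"):
            raise ValueError("unexpected EHLO reply: %r" % line)
        exts.add(line[4:].split()[0].upper())
    return exts

def classify_verify_error(err):
    """Map an OpenSSL verify message (or ssl.SSLCertVerificationError) to MailKit's reasons."""
    msg = (getattr(err, "verify_message", None) or str(err)).lower().replace("-", " ")
    if "self signed certificate in certificate chain" in msg:
        return "full chain sent, but its root is not in the trust store"
    if "self signed" in msg:
        return "server uses a self-signed certificate"
    if "local issuer" in msg:
        return "root or intermediate missing from the trust store"
    if "expired" in msg or "not yet valid" in msg:
        return "certificate expired or not yet valid"
    return "other: " + msg

def read_reply(f):
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # '250-' continues, '250 ' ends the reply
            return lines

def check_starttls(host, port=587, cafile=None, timeout=10):
    ctx = ssl.create_default_context(cafile=cafile)   # chain + hostname verification on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        read_reply(f)                                  # 220 banner
        sock.sendall(b"EHLO diag.invalid\r\n")
        if "STARTTLS" not in parse_ehlo(read_reply(f)):
            return "server does not advertise STARTTLS"
        sock.sendall(b"STARTTLS\r\n")
        if not read_reply(f)[0].startswith("220"):
            return "server refused STARTTLS"
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return "ok: %s, CN=%s" % (tls.version(), subject.get("commonName"))
        except ssl.SSLCertVerificationError as e:
            return "verify failed: " + classify_verify_error(e)
```

Call check_starttls("<hostname>", 587, "/path/to/internal-root.pem") from inside the jail; if it reports ok with the root file but fails with cafile=None, Postfix is sending a complete chain and the remaining problem is the trust store the client consults, not the certificate itself.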

Contribute to the Project describes the Mono project’s support resources. They know it better than I do.
Browsing their GitHub issues (including closed ones) can be done by you, but a sample of findings is:

httpcfg doesn’t support intermediate certificates #20505

Webrequest to server which intermediate certificate expired fail and validation is not switched to the newer certificate chain (like Firefox or chrome do it) #19886

OpenSSL TLS Provider - Revisited #19720 just highlights that this isn’t openssl, so behavior might vary. Maybe you could find some other software (maybe a browser) that uses BoringSSL to compare against.

I think you know certificates better than I do, and only you know the details of what you have, so probably Internet search or working with mono project would go better than hoping for an expert in Duplicati forum.
Still, if any experts are reading the forum, feel free to assist.